CVE-2021-24562

7.5 HIGH

📋 TL;DR

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the LifterLMS WordPress plugin. It allows authenticated students to access other students' answers and grades by manipulating object identifiers. WordPress sites using vulnerable versions of the LifterLMS plugin are affected.

💻 Affected Systems

Products:
  • LifterLMS WordPress Plugin
Versions: All versions before 4.21.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with LifterLMS plugin enabled and student accounts.

📦 What is this software?

LifterLMS is a learning management system (LMS) plugin for WordPress. It runs courses and quizzes on a WordPress site and holds the student accounts, submitted answers and grades that this vulnerability exposes.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Mass data breach of all student submissions and grades, leading to privacy violations, academic integrity issues, and potential regulatory penalties.

🟠 Likely Case: Students accessing limited numbers of other students' work, compromising academic integrity and violating privacy expectations.

🟢 If Mitigated: Minimal impact with proper access controls and monitoring, though the vulnerability still exists.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated student access and involves simple parameter manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.21.2

Vendor Advisory: https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find LifterLMS and click 'Update Now'.
4. Verify the version is 4.21.2 or later.

🔧 Temporary Workarounds

Disable Student Access (platform: all)

Temporarily disable student access to the LMS until patching is complete.

Access Restriction via .htaccess (platform: linux)

Restrict access to vulnerable endpoints using web server configuration.

# Add to .htaccess in the WordPress root directory.
# Caution: in the WordPress root this denies every request for a .php or .inc
# file, which takes the whole site offline (equivalent to "Disable Student
# Access" above); to narrow the scope, place the same block in a .htaccess
# inside the directory holding the endpoints you want to block instead.
# Order/Deny is Apache 2.2 syntax; Apache 2.4 uses "Require all denied".
<FilesMatch "\.(php|inc)$">
    Order Deny,Allow
    Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for student activity logs.
  • Deploy a web application firewall (WAF) with IDOR protection rules.

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel > Plugins > LifterLMS version. If the version is below 4.21.2, the site is vulnerable.

Check Version:

wp plugin list --name=lifterlms --field=version

Verify Fix Applied:

Confirm LifterLMS plugin version is 4.21.2 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to student submission endpoints
  • Multiple student ID parameter variations in single session

Network Indicators:

  • HTTP requests with manipulated student ID parameters
  • Unusual traffic to /wp-content/plugins/lifterlms/ endpoints

SIEM Query:

source="wordpress.log" AND ("lifterlms" OR "student_id") AND status=200 AND user_agent NOT IN ("admin_user_agents")
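The "multiple student ID parameter variations in a single session" indicator above, implemented as a small access-log scanner. This is an added example, not code from this page or from LifterLMS: the log lines are constructed, the trailing user= field, the endpoint path and the action name are assumptions, and only the student_id parameter name comes from the SIEM query above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines: Apache combined format plus a trailing "user="
# field the site is assumed to log. Path and action name are placeholders,
# not LifterLMS's real routes; "student_id" is the parameter from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [17/May/2021:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=view_results&student_id=1042 HTTP/1.1" 200 812 user=alice
10.0.0.5 - - [17/May/2021:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=view_results&student_id=1043 HTTP/1.1" 200 799 user=alice
10.0.0.5 - - [17/May/2021:10:00:15 +0000] "GET /wp-admin/admin-ajax.php?action=view_results&student_id=1044 HTTP/1.1" 200 805 user=alice
10.0.0.5 - - [17/May/2021:10:00:21 +0000] "GET /wp-admin/admin-ajax.php?action=view_results&student_id=1045 HTTP/1.1" 200 810 user=alice
10.0.0.7 - - [17/May/2021:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=view_results&student_id=1077 HTTP/1.1" 200 803 user=bob
10.0.0.9 - - [17/May/2021:10:01:30 +0000] "GET /wp-admin/admin-ajax.php?action=view_results&student_id=1099 HTTP/1.1" 403 122 user=carol
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ user=(?P<user>\S+)$'
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def student_id_of(target):
    """Extract the student_id query parameter from a request target, if present."""
    ids = parse_qs(urlsplit(target).query).get("student_id")
    return ids[0] if ids else None

def find_idor_sessions(log_text, threshold=3):
    """Group successful (2xx) requests by (user, ip) and report sessions that
    fetched results for at least `threshold` distinct student_id values.
    Returns {(user, ip): sorted list of distinct student_ids}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["status"].startswith("2"):
            continue  # skip unparseable lines and requests that were refused
        sid = student_id_of(rec["target"])
        if sid is not None:
            seen[(rec["user"], rec["ip"])].add(sid)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (user, ip), ids in find_idor_sessions(SAMPLE_LOG).items():
        print(f"ALERT user={user} ip={ip} distinct student_ids={ids}")
```

Feed real access logs through find_idor_sessions and tune the threshold to the number of results pages one student legitimately views; a single session walking many consecutive student_id values is the pattern the page's indicator describes.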
